IP address blocking
IP address blocking is a configuration of a network service so that requests from hosts with certain IP addresses are rejected.
Unix-like operating systems commonly implement IP address blocking using a TCP wrapper, configured by host access control files /etc/hosts.deny and /etc/hosts.allow.
IP address blocking is commonly used to protect against brute force attacks. Both companies and schools offering remote user access use Linux programs such as DenyHosts or Fail2ban for protection from unauthorised access while allowing permitted remote access. This is also useful for allowing remote access to computers. It is also used for Internet censorship.
On a website, an IP address block can prevent a disruptive address from access, though a warning and/or account block may be used first. Dynamic allocation of IP addresses by ISPs can complicate incoming IP address blocking, rendering it difficult to block a specific user without blocking many IP addresses (blocks of IP address ranges), thereby creating collateral damage.
IP address blocking can be used to restrict access to or from a particular geographic area—for example, the syndication of content to a specific region, otherwise known as geo-blocking. To achieve this, IP addresses are mapped to the countries they have been assigned to. This has been used for example to target Nigerian IP addresses due to the perception that all business originating from the country is fraudulent, thus making it extremely difficult for legitimate businesses based in the country to interact with their counterparts in the rest of the world. To make purchases abroad, Nigerians must rely on proxy servers to disguise the true origin of an Internet request.
Avoiding address blocking
Proxy servers and other methods can be used to bypass the blocking of traffic from IP addresses.[1] However, anti-proxy strategies are available.
In a 2013 United States court ruling in the case Craigslist v. 3Taps, US federal judge Charles R. Breyer held that circumventing an address block to access a website is a violation of the Computer Fraud and Abuse Act (CFAA), punishable by civil damages for "unauthorized access".
References
- "How to: Circumvent Online Censorship". ssd.eff.org.